﻿using IdentityServer4;
using IdentityServer4.Models;
using IdentityServer4.Test;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace IdentityServer4API
{
    public static class Config
    {
        /// <summary>
        /// 客户端
        /// </summary>
        /// <returns></returns>
        internal static IEnumerable<Client> Clients()
        {
            return new[]
             {
              //自定义客户端（通用）
              new Client
              {
                  //客户端名称
                  ClientId = "client1",
                  //客户端访问方式：密码验证
                  AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                  //设置令牌过期时间
                  AccessTokenLifetime=86400,
                  //用于认证的密码加密方式
                  ClientSecrets =
                  {
                      new Secret("secret".Sha256())
                  },
                  //客户端有权访问的范围
                  AllowedScopes = { "api",IdentityServerConstants.StandardScopes.OpenId, //必须要添加，否则报403 forbidden错误
                  IdentityServerConstants.StandardScopes.Profile }
              },
              //swagger客户端
              new Client
              {
                  ClientId = "test-id",
                  ClientName = "Test client (Code with PKCE)",
                  //禁用 consent 授权页面确认
                  RequireConsent = false, 
                  // 回调地址
                  RedirectUris = new[] {
                    "http://localhost:5000/api/swagger/oauth2-redirect.html",
                  },
                  ClientSecrets = { new Secret("test-secret".Sha256()) },
                  AllowedGrantTypes = GrantTypes.Code,
                  RequirePkce = true,
                  AllowedScopes = new[] { "api",IdentityServerConstants.StandardScopes.OpenId,
                  IdentityServerConstants.StandardScopes.Profile},
              },
              //js客服端
              new Client
              {
                  ClientId = "js", //客户端Id
                  ClientName = "JavaScript Client", //客户端名称
                  AllowedGrantTypes = GrantTypes.Code, //授权模式
                  RequirePkce = true,
                  RequireClientSecret = false,
                  RequireConsent = false, //禁用 consent 页面确认                    
                  AllowAccessTokensViaBrowser = true,
                  AlwaysIncludeUserClaimsInIdToken = true,
                  RedirectUris =
                  {
                     "http://localhost:8080/#/pages/CallBack",  //登陆后回调页面 
                     "http://localhost:8080/#/pages/RefreshToken" //刷新Token的页面
                  },
                  //PostLogoutRedirectUris = { "http://localhost:8080" },//注销退出后跳转的页面（登录页）可以不用配置    
                  AllowedCorsOrigins = { "http://localhost:8080" }, //跨域
                  AccessTokenLifetime = 60, //AccessToken 的有效时间
                  AllowedScopes =
                  {
                       IdentityServerConstants.StandardScopes.OpenId,
                       IdentityServerConstants.StandardScopes.Profile,
                       "api", //授权的Scopes
                  },
                  AllowOfflineAccess = true,
                },
            };
        }
        /// <summary>
        /// api资源
        /// </summary>
        /// <returns></returns>
        internal static IEnumerable<ApiResource> ApiResources()
        {
            return new List<ApiResource>
           {
                new ApiResource("api","my api")
                {
                    Scopes ={"api"},//重要,不配置返回 invalid_scope
                }
           };
        }
        /// <summary>
        /// api范围
        /// </summary>
        /// <returns></returns>
        internal static IEnumerable<ApiScope> GetApiScopes()
        {
            return new List<ApiScope>
           {
                new ApiScope("api")
           };
        }
        internal static IEnumerable<IdentityResource> GetIdentityResourceResources()
        {
            return new List<IdentityResource>
           {
               new IdentityResources.OpenId(),
               new IdentityResources.Profile()
           };
        }
        /// <summary>
        /// 测试用户
        /// </summary>
        /// <returns></returns>
        internal static List<TestUser> TestUsers()
        {
            return new List<TestUser>
            {
                new TestUser
                {
                    SubjectId = "joebloggs",
                    Username = "admin",
                    Password = "123456"
                }
            };
        }
    }
}
